| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
An inititial implementation of TPS UI has been added. The UI will
display TPS resources as tables.
Ticket #654
|
| |
|
|
|
| |
The build scripts have been modified to accept an optional parameter
to build pki-core without the server packages.
|
| |
|
|
|
|
|
| |
The Backbone library and its dependency (Underscore) have been added
to the common web application.
Ticket #654
|
| |
|
|
|
|
|
| |
The jQuery library its internationalization plugin have been replaced
with the development version.
Ticket #654
|
| |
|
|
|
| |
The pki-cmsbundle.jar is distributed in pki-server package so the files
have been moved into the base/server folder.
|
| |
|
|
|
|
|
| |
New ACL has been added to allow only the administrators in each subsystem
to access the selftests.
Ticket #652
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Migration scripts have been added to update the registry file
for tomcat instances to use PKI_INSTANCE_NAME instead of PKI_INSTANCE_ID.
File ownershipof the registry file and log files is also fixed.
Also removed unused lock file logic in operations startup script.
This is for migration from 10.0 -> 10.1
Ticket 805
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ACL mapping files have been renamed from auth.properties to
acl.properties to match the actual content and moved into the
subsystem conf folder. The authentication method mapping files
have been extracted from the interceptor into actual files.
The ACLInterceptor and AuthMethodInterceptors have been modified to read
the default mapping first, then overwrite it with custom mapping if it
exists in the subsystem folder.
The UpdateAuthzProperties upgrade script has been replaced with
RemoveAuthProperties that will remove the old auth.properties.
|
| |
|
|
|
|
|
|
| |
Some TPS services have been fixed to return ResourceNotFoundException
and ConflictingOperationException on non-existent entries and duplicate
entries, respectively.
Ticket #749
|
| |
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS profile mappings.
Ticket #652
|
| |
|
|
|
| |
The man page for pki CLI has been updated to include the commands
for managing the client security database.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Previously client-cert-import uses a JSS method that calls NSS
function PK11_ImportDERCertForKey(). To import certificate without
key it should use PK11_ImportCert but it's only available via
certutil. So for now the client-cert-import has been modified to
call certutil until the interface is added to JSS.
The MainCLI has been modified not to call CryptoManager.initialize()
to avoid locking up the security database while importing the
certificate using certutil.
|
| |
|
|
| |
Ticket 803
|
| |
|
|
|
|
| |
This patch provides REST interface extension allowing recovery of asymmetric keys.
Ticket #439.
|
| |
|
|
|
|
| |
The key-find command did not return any results due to recent changes.
The method name in KeyDataInfos has been fixed such that XML mapping
would work properly.
|
| |
|
|
|
| |
A new CLI command has been added to simplify the creation of client
certificate database.
|
| |
|
|
|
| |
The ACL and auth method mapping names in some resources have been
modified to be more consistent with those in other resources.
|
| |
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS selftests.
Ticket #652
|
| |
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS connections.
Ticket #652
|
| |
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS configuration.
Ticket #652
|
| |
|
|
|
|
|
|
|
|
| |
New ACL has been added to allow only the administrators to access
TPS authenticators.
The set of interceptors in each application has been modified to
preserve the order.
Ticket #652
|
| |
|
|
|
|
|
|
| |
The CLI command parsing has been fixed such that it consumes all
parts of the commands. If there's unprocessed component it means
it is an invalid command.
Ticket #787
|
| |
|
|
|
|
| |
The find commands in some REST services have been modified to support
paging to be consistent with others. The other find commands have been
cleaned up as well.
|
| |
|
|
|
|
|
| |
Some REST methods have been modified to check for null parameters
and return the proper error code.
Ticket #749
|
| |
|
|
|
|
|
| |
Some REST services have been modified to throw BadRequestException
on null parameters.
Ticket #749
|
| |
|
|
|
|
|
|
|
|
|
| |
Some of the REST services have been fixed to consistently return a
DataCollection which contains the total count, the requested subset
of results, and links to request other subsets of the results.
The TPSConnectorFindCLI has been split into separate find and show
commands.
Ticket #749
|
| |
|
|
|
|
|
|
|
| |
The configuration code has been modified not to remove the LDAP database
folder since it may not have access to it. It will also not continue
with the cleanup if the database is used by another subtree.
Manual removal of old entries in the subtree is redundant so the code
has been removed. The exception handling has been improved as well.
|
| |
|
|
|
|
|
| |
Bug in tomcat for security manager has been resolved.
Updated tomcat requirement accordingly.
Ticket 774
|
| |
|
|
|
|
|
|
|
| |
The user and group services have been modified to return consistent HTTP
return codes under various situations. The UGSubsystem has been modified
to capture any LDAP exceptions and throw the proper PKIException subclass
that represents the appropriate HTTP error code for the situation.
Ticket #669, #749
|
| |
|
|
| |
Ticket 749
|
| |
|
|
| |
Also added some missing checks, and some missing options in the Key Request CLI
|
| |
|
|
| |
Ticket 749
|
| |
|
|
| |
Ticket 749
|
| |
|
|
| |
* TRAC Ticket #760 - Tpsclient Failure on F20 and TPS
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following commands have been renamed. The old commands will
no longer work.
* profile -> ca-profile
* kraconnector -> ca-kraconnector
The following commands have also been renamed, but the old commands
will continue to work:
* cert -> ca-cert
* key -> kra-key
The user and group commands have already been renamed to <subsytem>-
user and <subsystem>-group. The old commands will continue to work
and will use CA subsystem by default.
Ticket #701
|
| |
|
|
|
|
|
| |
A new REST service and clients have been added to manage the profiles
in the TPS configuration file.
Ticket #652
|
| |
|
|
|
|
|
| |
The ACL and ACLEntry in com.netscape.cmscore.realm are duplicates
of the ones in com.netscape.certsrv.acls. They have been removed
since they are no longer used. All differences have been merged
into the remaining copy.
|
| |
|
|
|
|
|
|
| |
The following commands have been renamed for consistency:
* client-cert-remove -> client-cert->del
* group-member-remove -> group-member-del
* user-cert-remove -> user-cert-del
* user-membership-remove -> user-membership-del
|
| |
|
|
|
|
|
|
| |
Previously the GroupMemberProcessor class inherits from CAProcessor that
can only run on CA. To fix the problem a generic Processor has been
created as a super class of the CAProcessor and some of the fields and
methods that are not CA-specific have been moved into the super class.
The GroupMemberProcessor will now inherit directly from the super class.
|
| |
|
|
|
|
| |
The Processor class depends on CertificateAuthority subsystem which
only exists on CA, so the class has been renamed to CAProcessor to
reflect the dependency.
|
| |
|
|
|
| |
The CLI framework has been modified to support deprecating CLI
commands by adding @Deprecated to the class name.
|
| |
|
|
|
|
|
|
|
| |
The upgrade framework has been modified to backup the files used
to track the upgrade progress. If the tracker file is also modified
by the upgrade scriptlet, it will only keep the initial backup
(before any modifications were made).
Ticket #763
|
| |
|
|
|
|
|
|
| |
Change the --output option to --file for providing a file to store the
certificate request to be reviewed using the cert-request-review cli command.
Update the man page entry for the same.
Ticket #674
|
| |
|
|
|
| |
The test classes have been moved from base/common/test to base/server/test
and into the cmscore package because they are dependent on server classes.
|
| |
|
|
|
| |
Should now be SHA256 by default.
Bugzilla BZ 1024445
|
| |
|
|
|
|
|
|
|
| |
Previously the CMS.shutdown() was called multiple times during Tomcat
shutdown, one by CMSStarServlet.destroy() and the other by the shutdown
hook, causing some errors. The shutdown hook should only be used in a
standalone application, so it has been moved into CMS.main().
Bugzilla #1018628
|
| |
|
|
|
|
|
| |
The DoUnrevoke servlet has been modified to re-throw the EBaseException
such that the error message can be returned properly to the client.
Ticket #739
|
| |
|
|
|
|
|
| |
The TPS token REST interface has been modified to require client certificate
authentication. TPS admins, agents, and operators are allowed to view tokens,
but only admins are allowed to add and remove tokens, and only agents are
allowed to modify tokens.
|
| |
|
|
|
| |
The CertEnrollmentRequest, ProfileInput, ProfileAttribute, and Descriptor
have been cleaned up to fix some bugs and minor formatting issues.
|
| |
|
|
|
| |
The tomcat, cms, and cmscore packages have been moved from base/common
into separate folders in base/server so that they can be built separately.
|
